Optus customers’ personal data exposed in major cyberattack

22 Sep 2022

Image: © Jackie Davies/Stock.adobe.com

The Australian telecoms company said the information that may have been exposed includes customers’ names, dates of birth, phone numbers and email addresses.

Australian telecoms company Optus has suffered a data breach that may have affected up to 9m customers, according to The Australian newspaper.

A spokesperson for the company told SiliconRepublic.com that it could not confirm a number at this time and is still conducting the investigation to determine scope of the incident.

“We’ve gone out early to all of our customers even though we know not all have been impacted. We really do think it gives customers a better chance, but it unfortunately it means we don’t have all the answers,” they said.

In a statement released today (22 September), the company confirmed it had been hit by a cyberattack that may have led to the unauthorised access of customer details. Information that may have been exposed includes customers’ names, dates of birth, phone numbers and email addresses.

It also said a subset of customers may have had addresses exposed as well as ID document numbers such as driver’s licence or passport numbers. The company added that payment details and account passwords have not been compromised.

Optus is one of the largest wireless carriers in Australia, with more than 10.2m mobile subscribers as of December 2019.

CEO Kelly Bayer said the company is “devastated” to have been subject to the cyberattack.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” she said.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”

The company said it is working with the Australian Cyber Security Centre to mitigate risks and has notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.

“Optus has also notified key financial institutions about this matter,” said Bayer. “While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Jenny Darmody is the deputy editor of Silicon Republic

editorial@siliconrepublic.com